前言
curl是利用URL语法在命令行方式下工作的开源文件传输工具。它被广泛应用在Unix、多种Linux发行版中,并且有DOS和Win32、Win64下的移植版本。在日常的开发和问题处理中,经常会使用curl命令来测试http接口,Windows/macOS环境上有很多接口测试的工具比如Postman,但这些工具在Linux平台上使用起来相对不那么便捷。有时候当我们要测试一些外部接口时,当本地无权调用测试路径时,需要将测试建立在Linux平台,除了封装简单的请求代码进行实现外,可通过curl工具实现。当然我们平时接触curl命令最多的地方还是在Linux环境,本来curl作为常用命令应该不用多介绍,但是在使用Jenkins API做数据迁移的过程中发现自己对curl相关的命令还是不熟悉,借这个机会重新梳理一些技巧。
curl命令学习使用小结
更新历史
2020年02月05日 - 初稿
阅读原文 - https://wsgzao.github.io/post...
curl简介
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume, Metalink, and more. As you will see below, the number of features will make your head spin!
curl 支持你做很多事情。你可以把 curl 想象成一个精简的命令行网页浏览器。它支持几乎你能想到的所有协议,可以交互访问几乎所有在线内容。唯一和浏览器不同的是,curl 不会渲染接收到的相应信息。
curl常用命令
curl 是一个利用URL语法在命令行下工作的文件传输工具。它支持文件上传和下载,所以是综合传输工具,但按传统,习惯称 curl 为下载工具。其语法格式及常见参数含义如下,
# 语法
curl [option] [url]
# 最简单的使用,获取服务器内容,默认将输出打印到标准输出中(STDOUT)中。
curl http://www.centos.org
# 添加-v参数可以看到详细解析过程,通常用于debug
curl -v http://www.centos.org
# curl发送Get请求
curl URL
curl URL -O 文件绝对路径
# curl发送post请求
# 请求主体用json格式
curl -X POST -H 'content-type: application/json' -d @json文件绝对路径 URL
curl -X POST -H 'content-type: application/json' -d 'json内容' URL
# 请求主体用xml格式
curl -X POST -H 'content-type: application/xml' -d @xml文件绝对路径 URL
curl -X POST -H 'content-type: application/xml' -d 'xml内容' URL
# 设置cookies
curl URL --cookie "cookie内容"
curl URL --cookie-jar cookie文件绝对路径
# 设置代理字符串
curl URL --user-agent "代理内容"
curl URL -A "代理内容"
# curl限制带宽
curl URL --limit-rate 速度
# curl认证
curl -u user:pwd URL
curl -u user URL
# 只打印http头部信息
curl -I URL
curl -head URL
# 末尾参数
--progress 显示进度条
--silent 不现实进度条
# 不需要修改/etc/hosts,curl直接解析ip请求域名
# 将 http://example.com 或 https://example.com 请求指定域名解析的IP为127.0.0.1
curl --resolve example.com:80:127.0.0.1 http://example.com/
curl --resolve example.com:443:127.0.0.1 https://example.com/
curl接口测试
curl 可以很方便地完成对 REST API 的调用场景,比如:设置 Header,指定 HTTP 请求方法,指定 HTTP 消息体,指定权限认证信息等。通过 -v 选项也能输出 REST 请求的所有返回信息。curl 功能很强大,有很多参数,这里列出 REST 测试常用的参数:
-X/--request [GET|POST|PUT|DELETE|…] 指定请求的 HTTP 方法
-H/--header 指定请求的 HTTP Header
-d/--data 指定请求的 HTTP 消息体(Body)
-v/--verbose 输出详细的返回信息
-u/--user 指定账号、密码
-b/--cookie 读取 cookie
# 典型的测试命令为:
curl -v -X POST -H "Content-Type: application/json" http://127.0.0.1:8080/user -d'{"username":"admin","password":"admin1234"}'...
# 测试get请求
curl http://www.linuxidc.com/login.cgi?user=test001&password=123456
# 测试post请求
curl -d "user=nickwolfe&password=12345" http://www.linuxidc.com/login.cgi
# 请求主体用json格式
curl -X POST -H 'content-type: application/json' -d @json文件绝对路径 URL
curl -X POST -H 'content-type: application/json' -d 'json内容' URL
# 请求主体用xml格式
curl -X POST -H 'content-type: application/xml' -d @xml文件绝对路径 URL
curl -X POST -H 'content-type: application/xml' -d 'xml内容' URL
# 发送post请求时需要使用-X选项,除了使用POST外,还可以使用http规范定义的其它请求谓词,如PUT,DELETE等
curl -XPOST url
#发送post请求时,通常需要指定请求体数据。可以使用-d或--data来指定发送的请求体。
curl -XPOST -d "name=leo&age=12" url
# 如果需要对请求数据进行urlencode,可以使用下面的方式:
curl -XPOST --data-urlencode "name=leo&age=12" url
# 此外发送post请求还可以有如下几种子选项:
–data-raw
–data-ascii
–data-binary
使用curl和Jenkins REST API
# To retrieve the job config.xml
curl -X GET '/job//config.xml' -u username:API_TOKEN -o .xml
# to use this config to create a new job
curl -s -XPOST '/createItem?name=' -u username:API_TOKEN --data-binary @.xml -H "Content-Type:text/xml"
# get all jenkins jobs
curl -X GET '/api/json?pretty=true' -u username:API_TOKEN -o jobs.json
# get jenkins view
curl -X GET '/view//api/json' -u username:API_TOKEN -o view.json
curl help
curl --help
Usage: curl [options...]
Options: (H) means HTTP/HTTPS only, (F) means FTP only
--anyauth Pick "any" authentication method (H)
-a, --append Append to target file when uploading (F/SFTP)
--basic Use HTTP Basic Authentication (H)
--cacert FILE CA certificate to verify peer against (SSL)
--capath DIR CA directory to verify peer against (SSL)
-E, --cert CERT[:PASSWD] Client certificate file and password (SSL)
--cert-status Verify the status of the server certificate (SSL)
--cert-type TYPE Certificate file type (DER/PEM/ENG) (SSL)
--ciphers LIST SSL ciphers to use (SSL)
--compressed Request compressed response (using deflate or gzip)
-K, --config FILE Read config from FILE
--connect-timeout SECONDS Maximum time allowed for connection
--connect-to HOST1:PORT1:HOST2:PORT2 Connect to host (network level)
-C, --continue-at OFFSET Resumed transfer OFFSET
-b, --cookie STRING/FILE Read cookies from STRING/FILE (H)
-c, --cookie-jar FILE Write cookies to FILE after operation (H)
--create-dirs Create necessary local directory hierarchy
--crlf Convert LF to CRLF in upload
--crlfile FILE Get a CRL list in PEM format from the given file
-d, --data DATA HTTP POST data (H)
--data-raw DATA HTTP POST data, '@' allowed (H)
--data-ascii DATA HTTP POST ASCII data (H)
--data-binary DATA HTTP POST binary data (H)
--data-urlencode DATA HTTP POST data url encoded (H)
--delegation STRING GSS-API delegation permission
--digest Use HTTP Digest Authentication (H)
--disable-eprt Inhibit using EPRT or LPRT (F)
--disable-epsv Inhibit using EPSV (F)
--dns-servers DNS server addrs to use: 1.1.1.1;2.2.2.2
--dns-interface Interface to use for DNS requests
--dns-ipv4-addr IPv4 address to use for DNS requests, dot notation
--dns-ipv6-addr IPv6 address to use for DNS requests, dot notation
-D, --dump-header FILE Write the received headers to FILE
--egd-file FILE EGD socket path for random data (SSL)
--engine ENGINE Crypto engine (use "--engine list" for list) (SSL)
--expect100-timeout SECONDS How long to wait for 100-continue (H)
-f, --fail Fail silently (no output at all) on HTTP errors (H)
--fail-early Fail on first transfer error, do not continue
--false-start Enable TLS False Start.
-F, --form CONTENT Specify HTTP multipart POST data (H)
--form-string STRING Specify HTTP multipart POST data (H)
--ftp-account DATA Account data string (F)
--ftp-alternative-to-user COMMAND String to replace "USER [name]" (F)
--ftp-create-dirs Create the remote dirs if not present (F)
--ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F)
--ftp-pasv Use PASV/EPSV instead of PORT (F)
-P, --ftp-port ADR Use PORT with given address instead of PASV (F)
--ftp-skip-pasv-ip Skip the IP address for PASV (F)
--ftp-pret Send PRET before PASV (for drftpd) (F)
--ftp-ssl-ccc Send CCC after authenticating (F)
--ftp-ssl-ccc-mode ACTIVE/PASSIVE Set CCC mode (F)
--ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer (F)
-G, --get Send the -d data with a HTTP GET (H)
-g, --globoff Disable URL sequences and ranges using {} and []
-H, --header LINE Pass custom header LINE to server (H)
-I, --head Show document info only
-h, --help This help text
--hostpubmd5 MD5 Hex-encoded MD5 string of the host public key. (SSH)
-0, --http1.0 Use HTTP 1.0 (H)
--http1.1 Use HTTP 1.1 (H)
--http2 Use HTTP 2 (H)
--http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade (H)
--ignore-content-length Ignore the HTTP Content-Length header
-i, --include Include protocol headers in the output (H/F)
-k, --insecure Allow connections to SSL sites without certs (H)
--interface INTERFACE Use network INTERFACE (or address)
-4, --ipv4 Resolve name to IPv4 address
-6, --ipv6 Resolve name to IPv6 address
-j, --junk-session-cookies Ignore session cookies read from file (H)
--keepalive-time SECONDS Wait SECONDS between keepalive probes
--key KEY Private key file name (SSL/SSH)
--key-type TYPE Private key file type (DER/PEM/ENG) (SSL)
--krb LEVEL Enable Kerberos with security LEVEL (F)
--libcurl FILE Dump libcurl equivalent code of this command line
--limit-rate RATE Limit transfer speed to RATE
-l, --list-only List only mode (F/POP3)
--local-port RANGE Force use of RANGE for local port numbers
-L, --location Follow redirects (H)
--location-trusted Like '--location', and send auth to other hosts (H)
--login-options OPTIONS Server login options (IMAP, POP3, SMTP)
-M, --manual Display the full manual
--mail-from FROM Mail from this address (SMTP)
--mail-rcpt TO Mail to this/these addresses (SMTP)
--mail-auth AUTH Originator address of the original email (SMTP)
--max-filesize BYTES Maximum file size to download (H/F)
--max-redirs NUM Maximum number of redirects allowed (H)
-m, --max-time SECONDS Maximum time allowed for the transfer
--metalink Process given URLs as metalink XML file
--negotiate Use HTTP Negotiate (SPNEGO) authentication (H)
-n, --netrc Must read .netrc for user name and password
--netrc-optional Use either .netrc or URL; overrides -n
--netrc-file FILE Specify FILE for netrc
-:, --next Allows the following URL to use a separate set of options
--no-alpn Disable the ALPN TLS extension (H)
-N, --no-buffer Disable buffering of the output stream
--no-keepalive Disable keepalive use on the connection
--no-npn Disable the NPN TLS extension (H)
--no-sessionid Disable SSL session-ID reusing (SSL)
--noproxy List of hosts which do not use proxy
--ntlm Use HTTP NTLM authentication (H)
--ntlm-wb Use HTTP NTLM authentication with winbind (H)
--oauth2-bearer TOKEN OAuth 2 Bearer Token (IMAP, POP3, SMTP)
-o, --output FILE Write to FILE instead of stdout
--pass PASS Pass phrase for the private key (SSL/SSH)
--path-as-is Do not squash .. sequences in URL path
--pinnedpubkey FILE/HASHES Public key to verify peer against (SSL)
--post301 Do not switch to GET after following a 301 redirect (H)
--post302 Do not switch to GET after following a 302 redirect (H)
--post303 Do not switch to GET after following a 303 redirect (H)
--preproxy [PROTOCOL://]HOST[:PORT] Proxy before HTTP(S) proxy
-#, --progress-bar Display transfer progress as a progress bar
--proto PROTOCOLS Enable/disable PROTOCOLS
--proto-default PROTOCOL Use PROTOCOL for any URL missing a scheme
--proto-redir PROTOCOLS Enable/disable PROTOCOLS on redirect
-x, --proxy [PROTOCOL://]HOST[:PORT] Use proxy on given port
--proxy-anyauth Pick "any" proxy authentication method (H)
--proxy-basic Use Basic authentication on the proxy (H)
--proxy-digest Use Digest authentication on the proxy (H)
--proxy-cacert FILE CA certificate to verify peer against for proxy (SSL)
--proxy-capath DIR CA directory to verify peer against for proxy (SSL)
--proxy-cert CERT[:PASSWD] Client certificate file and password for proxy (SSL)
--proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) for proxy (SSL)
--proxy-ciphers LIST SSL ciphers to use for proxy (SSL)
--proxy-crlfile FILE Get a CRL list in PEM format from the given file for proxy
--proxy-insecure Allow connections to SSL sites without certs for proxy (H)
--proxy-key KEY Private key file name for proxy (SSL)
--proxy-key-type TYPE Private key file type for proxy (DER/PEM/ENG) (SSL)
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy (H)
--proxy-ntlm Use NTLM authentication on the proxy (H)
--proxy-header LINE Pass custom header LINE to proxy (H)
--proxy-pass PASS Pass phrase for the private key for proxy (SSL)
--proxy-ssl-allow-beast Allow security flaw to improve interop for proxy (SSL)
--proxy-tlsv1 Use TLSv1 for proxy (SSL)
--proxy-tlsuser USER TLS username for proxy
--proxy-tlspassword STRING TLS password for proxy
--proxy-tlsauthtype STRING TLS authentication type for proxy (default SRP)
--proxy-service-name NAME SPNEGO proxy service name
--service-name NAME SPNEGO service name
-U, --proxy-user USER[:PASSWORD] Proxy user and password
--proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port
-p, --proxytunnel Operate through a HTTP proxy tunnel (using CONNECT)
--pubkey KEY Public key file name (SSH)
-Q, --quote CMD Send command(s) to server before transfer (F/SFTP)
--random-file FILE File for reading random data from (SSL)
-r, --range RANGE Retrieve only the bytes within RANGE
--raw Do HTTP "raw"; no transfer decoding (H)
-e, --referer Referer URL (H)
-J, --remote-header-name Use the header-provided filename (H)
-O, --remote-name Write output to a file named as the remote file
--remote-name-all Use the remote file name for all URLs
-R, --remote-time Set the remote file's time on the local output
-X, --request COMMAND Specify request command to use
--resolve HOST:PORT:ADDRESS Force resolve of HOST:PORT to ADDRESS
--retry NUM Retry request NUM times if transient problems occur
--retry-connrefused Retry on connection refused (use with --retry)
--retry-delay SECONDS Wait SECONDS between retries
--retry-max-time SECONDS Retry only within this period
--sasl-ir Enable initial response in SASL authentication
-S, --show-error Show error. With -s, make curl show errors when they occur
-s, --silent Silent mode (don't output anything)
--socks4 HOST[:PORT] SOCKS4 proxy on given host + port
--socks4a HOST[:PORT] SOCKS4a proxy on given host + port
--socks5 HOST[:PORT] SOCKS5 proxy on given host + port
--socks5-hostname HOST[:PORT] SOCKS5 proxy, pass host name to proxy
--socks5-gssapi-service NAME SOCKS5 proxy service name for GSS-API
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
-Y, --speed-limit RATE Stop transfers below RATE for 'speed-time' secs
-y, --speed-time SECONDS Trigger 'speed-limit' abort after SECONDS (default: 30)
--ssl Try SSL/TLS (FTP, IMAP, POP3, SMTP)
--ssl-reqd Require SSL/TLS (FTP, IMAP, POP3, SMTP)
-2, --sslv2 Use SSLv2 (SSL)
-3, --sslv3 Use SSLv3 (SSL)
--ssl-allow-beast Allow security flaw to improve interop (SSL)
--ssl-no-revoke Disable cert revocation checks (WinSSL)
--stderr FILE Where to redirect stderr (use "-" for stdout)
--suppress-connect-headers Suppress proxy CONNECT response headers
--tcp-nodelay Use the TCP_NODELAY option
--tcp-fastopen Use TCP Fast Open
-t, --telnet-option OPT=VAL Set telnet option
--tftp-blksize VALUE Set TFTP BLKSIZE option (must be >512)
--tftp-no-options Do not send TFTP options requests
-z, --time-cond TIME Transfer based on a time condition
-1, --tlsv1 Use >= TLSv1 (SSL)
--tlsv1.0 Use TLSv1.0 (SSL)
--tlsv1.1 Use TLSv1.1 (SSL)
--tlsv1.2 Use TLSv1.2 (SSL)
--tlsv1.3 Use TLSv1.3 (SSL)
--tls-max VERSION Use TLS up to VERSION (SSL)
--trace FILE Write a debug trace to FILE
--trace-ascii FILE Like --trace, but without hex output
--trace-time Add time stamps to trace/verbose output
--tr-encoding Request compressed transfer encoding (H)
-T, --upload-file FILE Transfer FILE to destination
--url URL URL to work with
-B, --use-ascii Use ASCII/text transfer
-u, --user USER[:PASSWORD] Server user and password
--tlsuser USER TLS username
--tlspassword STRING TLS password
--tlsauthtype STRING TLS authentication type (default: SRP)
--unix-socket PATH Connect through this Unix domain socket
--abstract-unix-socket PATH Connect to an abstract Unix domain socket
-A, --user-agent STRING Send User-Agent STRING to server (H)
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out FORMAT Use output FORMAT after completion
--xattr Store metadata in extended file attributes
-q, --disable Disable .curlrc (must be first parameter)